Share

There are no quiet weeks in security these days, but the firing of FBI Director James Comey made this one particularly loud. President Trump’s controversial dismissal won’t slow down the investigation into his campaign’s alleged ties with Russia, and it occurred with no apparent replacement lined up. And that’s just for starters.

Those worried about whether Comey’s files are safe can rest easy—it’s not like they were in a cardboard box. Those worried about whether our government has competent tech policy can, uh, well. And double that for security policy. And speaking of governments, the NSA confirmed that Russia definitely meddled with the “infrastructure” of France’s recent elections.

And there’s more. Each Saturday we round up the news stories that we didn’t break or cover in depth but that still deserve your attention. As always, click on the headlines to read the full story in each link posted. And stay safe out there.

For all the controversy surrounding Trump’s early executive orders, his first crack at cybersecurity looks refreshingly even-keeled. There’s not much in there that’s actionable yet—much of it comprises deadlines for recommendations—but analysts appreciate the approach. In fact, it borrows heavily from the Obama administrations’s recommendations, and focuses heavily on protecting infrastructure and pushing as much as possible to the cloud. The only way to really measure its impact, though, will be to wait for the actual policies that emerge.

A researcher firm called Modzero this week discovered that many HP laptops contain an audio driver that records every single key entry. That’s not good! The driver itself isn’t the issue—HP doesn’t access that data—but it creates an opportunity for hackers to crack into systems and track everything their targets type. HP has since issued a patch that nukes both the keylogger and the log file, so you can resume typing without fear of snooping. At least, of this this specific brand.

Did you hear? Amazon’s Alexa products now support voice calling! Did you also hear? You can’t block specific contacts from calling or messaging you! It’s a feature that Amazon says is in route, but until then, you may not want to enable Alexa calling if you deal with harassment, or just generally value control over who blows up your phone.

Beating fingerprint scanners is a popular pastime of security researchers. In this case, though, the Tandon School of Engineering at NYU found a novel way to create fingerprint spoofs that work up to 65 percent of the time. The method takes advantage of the fact that today’s smartphone authentications mostly rely on identifying small portions of your fingerprint, rather than the whole thing. The team at Tandon developed an algorithm to create “MasterPrints,” a sort of lowest common denominator fingerprint that hits a partial fingerprint match with at least some regularity. Clever!